From e6abe7522911437678f178e9ca10e3111840766b Mon Sep 17 00:00:00 2001
From: lizzy
Date: Thu, 24 Oct 2019 15:12:26 -0700
Subject: [PATCH] flask initial jwt auth and hash db pwd #40 #41 #42

---
 app/__init__.py  |  5 +++--
 config.py        |  1 +
 pangeanetwork.py | 56 ++++++++++++++++++++++++++++++++++++++++++++----
 requirements.txt |  2 ++
 4 files changed, 58 insertions(+), 6 deletions(-)

diff --git a/app/__init__.py b/app/__init__.py
index 1854f59..e808c2d 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -1,6 +1,7 @@
 from flask import Flask, request, current_app
 from flask_cors import CORS
 from flask_sqlalchemy import SQLAlchemy
+from passlib.hash import pbkdf2_sha256 as sha256
 import os
 from config import Config
@@ -71,7 +72,7 @@ def build_sample_db(app):
         first_name='Admin',
         last_name='User',
         email='admin',
-        password='admin',
+        password=sha256.hash('admin'),
         phone='254798745678',
         role_id=super_user_role.id,
         co_op_id=co_op_1.id
@@ -80,7 +81,7 @@ def build_sample_db(app):
         first_name='Test',
         last_name='User',
         email='test@user.com',
-        password='12345',
+        password=sha256.hash('12345'),
         phone='254987654321',
         role_id=user_role.id,
         co_op_id=co_op_1.id
diff --git a/config.py b/config.py
index 7201dd5..2be5f5b 100644
--- a/config.py
+++ b/config.py
@@ -2,6 +2,7 @@ class Config(object):
     FLASK_ADMIN_SWATCH = 'flatly'
     SECRET_KEY = '123456790'
+    JWT_SECRET_KEY = 'abcdefg'
     # database config
     DATABASE_FILE = 'sample_db.sqlite'
diff --git a/pangeanetwork.py b/pangeanetwork.py
index 840aea9..b4e4d3b 100644
--- a/pangeanetwork.py
+++ b/pangeanetwork.py
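Review bot: The alias in `from passlib.hash import pbkdf2_sha256 as sha256` names a salted PBKDF2 password hasher after a plain digest, so `sha256.hash(...)` reads as an unsalted SHA-256 call to anyone skimming the seeding code, and pangeanetwork.py repeats the same alias. Import it as `from passlib.hash import pbkdf2_sha256` (or alias it `pwd_hash`) and call `pbkdf2_sha256.hash(...)` so the scheme in use is visible at the call sites. The new import also lands between the Flask imports and `import os`; grouping it with the other third-party imports keeps the header readable.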
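Review bot: Hashing the seed passwords fixes how they are stored, but build_sample_db still creates the super-user account with the guessable credentials `email='admin'` / `'admin'` (and `test@user.com` / `'12345'` in the following hunk), and with this commit those accounts can be exchanged for access tokens through the new `/login` route. Source the seed password from an environment variable, or generate a random one and print it once, rather than hard-coding it next to the role that grants the most access. A comment on the function would also help, e.g. `# Development fixtures only: fixed credentials, never run against a real database.` build_sample_db begins and ends outside these hunks.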
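Review bot: `JWT_SECRET_KEY = 'abcdefg'` commits the token signing key to the repository, so anyone who can read the source can mint tokens that satisfy every new `@jwt_required` check; the authentication layer added in this commit is only as strong as this constant stays unknown. Load it from the environment, e.g. `JWT_SECRET_KEY = os.environ['JWT_SECRET_KEY']`, and fail at startup when it is unset rather than fall back to a fixed string (config.py's imports are outside the hunk, so `import os` may need adding). The pre-existing `SECRET_KEY = '123456790'` on the line above has the same problem, though the commit does not touch it.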
@@ -2,15 +2,19 @@ import os
 import os.path as op
 from datetime import datetime
-from flask import Flask
-from flask import request
+from flask import Flask, request, Response
 from flask_sqlalchemy import SQLAlchemy
-from flask import Response
-from app.models import User, CoOp, Role, Loan, Transaction
+from flask_jwt_extended import (
+    JWTManager, jwt_required, create_access_token,
+    get_jwt_identity
+)
+from passlib.hash import pbkdf2_sha256 as sha256
+from app.models import User, CoOp, Role, Loan, Transaction
 import africastalking
 import json
 app = create_app()
+jwt = JWTManager(app)
 username = "sandbox"
 api_key = os.environ.get('AT_API_KEY')
@@ -196,6 +200,7 @@ def index():
 @app.route('/transactions', methods=['GET'])
+@jwt_required
 def transactions():
     data = []
     transactions = Transaction.query.order_by(Transaction.timestamp.desc()).all()
@@ -217,6 +222,7 @@ def transactions():
 @app.route('/members', methods=['GET', 'POST'])
+@jwt_required
 def members():
     if request.method == 'GET':
         data = []
@@ -245,6 +251,7 @@ def members():
 @app.route('/coops', methods=['GET'])
+@jwt_required
 def coops():
     data = []
     coops = CoOp.query.all()
@@ -266,6 +273,7 @@ def coops():
 @app.route('/loans', methods=['GET'])
+@jwt_required
 def loans():
     loans = Loan.query.all()
     data = []
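Review bot: `get_jwt_identity` is pulled in by the new `flask_jwt_extended` import, but no hunk in this patch uses it; drop it from the import list until a view actually reads the token identity, otherwise the unused name lingers. `jwt = JWTManager(app)` binds the extension to the app created on the line above, and it presumably picks up the `JWT_SECRET_KEY` added to config.py in this same commit, so the strength of that setting is what the `@jwt_required` decorators in the following hunks rest on.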
@@ -284,5 +292,45 @@ def loans():
     results = {'data': data}
     return Response(json.dumps(results), mimetype='application/json')
+
+@app.route('/register', methods=['POST'])
+def register():
+    email = request.form['email']
+    test = User.query.filter_by(email=email).first()
+    if test:
+        return Response(json.dumps({'message': 'That email already exists.'}), mimetype='application/json'), 409
+    else:
+        first_name = request.form['first_name']
+        last_name = request.form['last_name']
+        last_name = request.form['last_name']
+        password = request.form['password']
+        role_id = request.form['role_id']
+        co_op_id = request.form['co_op_id']
+        phone = request.form['phone']
+        user = User(first_name=first_name, last_name=last_name, email=email, password=sha256.hash(password), role_id=role_id, co_op_id=co_op_id, phone=phone)
+        db.session.add(user)
+        db.session.commit()
+        return Response(json.dumps({ 'message': 'Admin created successfully.' }), mimetype='application/json'), 201
+
+
+@app.route('/login', methods=['POST'])
+def login():
+    if request.is_json:
+        email = request.json['email']
+        password = request.json['password']
+    else:
+        email = request.form['email']
+        password = request.form['password']
+    test = User.query.filter_by(email=email).first()
+    if test:
+        if sha256.verify(password, test.password):
+            access_token = create_access_token(identity=email)
+            return Response(json.dumps({ 'message': 'Login succeeded', 'access_token': access_token }), mimetype='application/json')
+        else:
+            return Response(json.dumps({ 'message': 'Invalid email/password.' }), mimetype='application/json'), 401
+    else:
+        return Response(json.dumps({ 'message': 'That email does not exist.' }), mimetype='application/json'), 401
+
+
 if __name__ == '__main__':
     app.run()
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 005d44f..a61729e 100644
--- a/requirements.txt
+++ b/requirements.txt
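Review bot: `/register` is the only new route without `@jwt_required`, yet it takes `role_id` straight from the client, so an unauthenticated caller can create an account with any role, including the super-user role seeded in build_sample_db; either add `@jwt_required` above `@app.route('/register', methods=['POST'])` like the other routes, or assign the role server-side instead of reading `request.form['role_id']`. In `login`, the two failure branches return different messages (`'That email does not exist.'` vs `'Invalid email/password.'`), which lets a caller tell registered emails from unregistered ones; return the same body and 401 from both branches. `last_name = request.form['last_name']` appears twice in `register`, and the second copy can be dropped. The success message `'Admin created successfully.'` is returned for every registration, not only for admin accounts, so it should say what was actually created.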
@@ -3,3 +3,5 @@ Flask-Admin
 Flask-SQLAlchemy
 Flask-CORS
 africastalking
+flask-jwt-extended
+passlib
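Review bot: `flask-jwt-extended` and `passlib` are added without any version constraint, so a fresh install gets whichever release is current, and for the library that enforces the new route protection that means behaviour drifts with install date — Flask-JWT-Extended 4.x changed the decorator to require a call, `@jwt_required()`, so the bare `@jwt_required` used throughout pangeanetwork.py would stop working on an unpinned install. Pin at least the major version, e.g. `flask-jwt-extended>=3,<4`, or the exact versions tested (`passlib==<tested-version>`). The existing entries above are unpinned too, so this may be a project-wide choice worth fixing in one go.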